Audit: FL’s electronic motor vehicle system needs security improvements

William Patrick | Florida Watchdog.org

TALLAHASSEE, Fla. — A newly released audit of the Florida Department of Highway Safety and Motor Vehicles’ electronic processing system raises some serious red flags.

DAVID W. MARTIN, Florida Auditor General

Nine of them, to be exact.

The system, known as the Florida Real Time Vehicle Information System, is used by the department, local tax collectors and tag offices throughout the state to process license plates, titles and vehicle registrations along with all associated taxes and fees.

On its website, the agency claims to “come into contact with nearly every Floridian as well as many visitors to our state.”

Last year, the system processed 335 million transactions and collected $2.3 billion.

Some of that information, much of it highly sensitive, has been at risk.

Auditors found nine separate areas where the system’s internal controls were lacking, three of which were previously cited in a 2008 review. In one instance, auditors found multiple issues with employees, contractors and outside agency employees having access to data they shouldn’t have.

“These conditions increase the risk of errors, fraud, misuse, or other unauthorized modification of FRVIS data,” the audit states.

One employee had access to the FRVIS system and its database more than 5 1/2 years after being fired. Seventeen employees had their user IDs deactivated but still had widespread access to sensitive information.

Another 27 employees and contractors had the ability to alter database tables critical to fee calculations, and an additional two dozen user IDs with inappropriate access privileges didn’t even identify the original person assigned to the ID.

The report cites various other examples of substandard data security, but the review only focused on evaluating the effectiveness of the program and didn’t investigate potential wrongdoing.

Watchdog.org contacted the Department of Safety and Motor Vehicles for comment but was told in an email, “The Department’s response to the audit was provided to the Auditor General and is included in the report.”

An April 3 letter signed by Julie L. Jones, the department’s executive director, states that “the results of (the) report will be used as part of the Department’s continuous efforts to improve operations.”

A similar letter dated June 12, 2008, and signed by former executive director Electra Theodorides-Bustle, stated in relation to faulty security issues, “The Department is addressing the confidential recommendations related to the FRVIS audit… We will develop a detailed action plan as a high priority initiative to strengthen security related controls as discussed.”

Contact William Patrick at wpatrick@watchdog.org

Rob Port is the editor of SayAnythingBlog.com, a columnist for the Forum News Service, and host of the Plain Talk Podcast which you can subscribe to by clicking here.

Top